[Standards-JIG] RE: Encrypted sessions

Brian Raymond brian.raymond at je.jfcom.mil
Wed Jun 7 19:35:35 UTC 2006


Not that it's widely deployed but in some environments the risk of
maintaining session keys could be mitigated if there was an encryption mode
tying in PKI support. This would allow for offline messages, but it will
make things more complicated by allowing that method.

- Brian

On 6/7/06 2:04 PM, "Jean-Louis Seguineau" <jean-louis.seguineau at laposte.net>
wrote:

> That's excellent news. JEP-116 provides a very good starting point.
> I nevertheless believe it can be simplified by only keeping the "online
> sessions crypto" part.
> 
> The support for encrypted stanzas when offline is adding complexity to the
> overall implementation, and increasing the security risk by mandating the
> long term session keys to be "kept" on the client machine.
> 
> If we do not do "offline crypto" then we just have to do a Diffie-Helmann
> keys exchange for every new p2p session, and discard all crypto material
> when a session is ended. The overall process becomes simpler, as every
> session starts new, and there is no need to check if previous long term keys
> have been negotiated earlier.
> 
> Jean-Louis 
> 
> 
> 
> -----Original Message-----
> Message: 1
> Date: Wed, 07 Jun 2006 10:08:06 -0600
> From: Peter Saint-Andre <stpeter at jabber.org>
> Subject: Re: [Standards-JIG] expiring JEPs
> To: Jabber protocol discussion list <standards-jig at jabber.org>
> Message-ID: <4486F9E6.6010707 at jabber.org>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Ian Paterson wrote:
>>>> JEP-0116: Encrypted Sessions
>>>>           http://www.jabber.org/jeps/jep-0116.html
>>> Come on guys, we need someone to pick up the torch on E2E encryption.
>> 
>> This summer we should have two implementations. Jan Sembera's upcoming
>> open-source library and my commercial JavaScript library. The experience
>> will no doubt result in improvements to the protcol.
> 
> Yes, and it's possible that we might establish funding and/or bounties
> for other implementations.
> 
> Peter
> 
> - --
> Peter Saint-Andre
> Jabber Software Foundation
> http://www.jabber.org/people/stpeter.shtml
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFEhvnmNF1RSzyt3NURAqPcAKCMQrrn4CmWvN/wn4VzIuY24I69UwCghz6k
> zzFfpn9MHHW+zRfs7aUCSbQ=
> =i9Ax
> -----END PGP SIGNATURE-----
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: smime.p7s
> Type: application/x-pkcs7-signature
> Size: 3641 bytes
> Desc: S/MIME Cryptographic Signature
> Url :
> http://mail.jabber.org/pipermail/standards-jig/attachments/20060607/4f4db0cf
> /smime-0001.bin
> 
> ------------------------------
> 
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mail.jabber.org/mailman/listinfo/standards-jig
> 
> 
> End of Standards-JIG Digest, Vol 29, Issue 20
> *********************************************
> 




More information about the Standards mailing list